[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: (ITS#4756) IPv6 Addresses are not supported in ACL peername



Given that the code (in aclparse.c) calls inet_addr() with the
peername.ip parameter, I can't see how it could will work with IPv6.

The only possible workaround is using a regex instead of ip type which
by passes the inet_addr() call.

I raised it as a bug since the latest version (as far as I can tell) is
meant to support IPv6 and there is no way that peername.ip does and
there isn't an alternative.

I asked the question regarding other ways to restrict access since I
noted that the documentation mentions TCP Wrappers and has a see also of
host_options(5) -- which does not exist, so I was hoping that some
advice might come while someone looked at the problem (if or when it was
deemed important enough).

Damon Groenveld 
CA
Architect, Development
tel: +61 3 9727 8920
fax: +61 3 9727 3491
mobile: +61 419 922 326
damon.groenveld@ca.com

-----Original Message-----
From: Howard Chu [mailto:hyc@symas.com] 
Sent: Friday, 17 November 2006 4:59 PM
To: Groenveld, Damon
Cc: openldap-its@openldap.org
Subject: Re: (ITS#4756) IPv6 Addresses are not supported in ACL peername

damon.groenveld@ca.com wrote:
> Full_Name: Damon Groenveld
> Version: LATEST
> OS: Solaris, WinXP, Linux, AIX, HP-UX
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (60.224.6.218)
> 
> 
> There does not seem to be the ability to specify an IPv6 address in
the peername
> part of the ACL.
> 
> Is there any other way to restrict access to a host IP address when
using only
> IPv6 addresses?

Software usage questions should be directed to the OpenLDAP-software 
mailing list. There is no indication of a bug here, most likely this 
report should be closed.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc
   OpenLDAP Core Team            http://www.openldap.org/project/